b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2 | Triage

Analysis

max time kernel
29s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
09/07/2024, 18:52

Sharing

Report Analysis Logs

General

Target

b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2.apk
Size

3.6MB
MD5

137051f21856123cb25530994883e1cc
SHA1

024bdee3a7bec368a8a460ac09e07e361776451a
SHA256

b0b006464c4eb6ecc09ebbcea91f56822f97bab9d8e4341d362ed94257c76aa2
SHA512

4579cbe55dad6ad44a14b166124fd047aca37aed136258dfe5d976a27e955239568c3091f502fa4d7b11b3136a99e453b99508385812c373f6a74cdc6e2b8c0b
SSDEEP

98304:OAyaNOBvwbNZapFvjvyjJUy1lDB3uQ5ZWqyOSvNb:8aNOFwbupFbvyjJlfeQHWqy3b

Score

6^/10

discovery impact persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

Queries information about active data network 1 TTPs 1 IoCs

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

System Network Configuration Discovery

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Data Encrypted for Impact

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	X.God.X

Checks memory information 2 TTPs 1 IoCs

System Checks

System Information Discovery

description	ioc	Process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4258

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
85febef7a8063136540b9a21e104b46a

SHA1
ffad2f6d35299ccdde181b59d4da08849a5713b8

SHA256
8f775b00246ca9f51d17356a5ce0cb39946c44268eb974bf2d0a4276a2ef1c14

SHA512
05dc176aea7303f6b67ac664aaa811b12b7d42c0cd800afa479da2a9d4ec244095653bf13cc920a368e97d3a0596140eab28a86acd141a013d070030e98d0b58

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
91d16952969e2de6427216e612c2a4d9

SHA1
a77423f219432b8447d21bff4a3c4d2d15e2a427

SHA256
349f9146510b590bdd0d1f1bb1e43d3a88dc72c8b38fb8deff72fb46bd60f16e

SHA512
b44d2bf626cac454cc961551b477b4dcbbc68938abb9a4306a42a57b32f8583bdaea1dd8a791c05490be42134344d05d58cf7f8b329b459a9130b4ea38ed1dfb

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ece43ab4a47765961184431098ed48e2

SHA1
5237e9b4748fa78f6b8f420e230ef81fab9e9945

SHA256
4666c353cb8e07b7fa44d547ce2569fc7aae5e26c6d49cb4432dc69cf593e7f1

SHA512
1e48b46bfaa215dd89eb30ef587d2e5dcc7fe6e3c38e43fe2679d95924f6d30ca8dfb78bda8eb93ec06d8b2380bfe6a4f5e6c150ba31c53ba9baad1b6cc04697

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b93dd1f497e54ff43107ef6f049cd9f6

SHA1
7679ecc5effe44139029cfb76336a3655c64c2cc

SHA256
4733444589659ce355b3a8bf9a1145794cd2b17f9751fb314778a867c2c83a74

SHA512
171201bb0d21e2ac6096c1ef013d35d83edd23bd79dbe68d2cfcdeadca884221f997b49d20aa0a4f9d74f55f159637e09345f0fcb1833fb59d151a1733b981ca

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3e881d9a01ca707bed38018ac69f4518

SHA1
5820f9351d7cc8082de6e5686eb9f8fedf6fb830

SHA256
4a5bf9bfe9b032546f886dd5fe6717de78716734aaadab620c0444ed6df5151c

SHA512
8f0395c94b3a449f3c61e7117f400c7b8a12c23d3655be6772bce2c8aa0ec8d8be8000c5cd2c6e10b334ef54a4add5583717393c3239da80c334c45b8b392db8

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
aa7de594270cdda03262c4de76da28e0

SHA1
14c2cf55ae8310e8bb0910142cbb6a0a9dedbca0

SHA256
183b5d2eb87a6a577d086327f131cbf5a5d1187b09499f3a1e3f1556af7b18cd

SHA512
ebe0c3985c8a6164f55402f07967486c9714afcb2ab17ac751fc43f0c3012de40485e302845bb7b8ea5cb3e57b469a290fef899e948b9e1742ca12fcbbd17203

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e8067b98adc486ecaf87c1b81e5f5a11

SHA1
a23a14975260fe1e29478f65574fd0f7b073bcce

SHA256
a8e3df56e7ea9ff69dea8b11d715023d73ceedc5019d8e643fbb512933511125

SHA512
02dbc987b4eeb5a5d4121c6e1e305a3a4a3369c793629722a2acbfed33d21bdbbd42cf8425bcf8e614f34f0d076e5f675acb092dcb308e5cacc718dd80bf4e26

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
57471e60bdc622b25e0342715e40cdce

SHA1
24445ba85921eaa2b8c832354fc7d4d7c3b97d32

SHA256
d55ca080e20065c45846261028094ce348bf15d2927650b4db0d8d641612c006

SHA512
8ce4fc274ac2a14064a2dde052e1caa4d5ef1baec2022dad61105e56263350f1d6e160b080c1805361458839757a6d9bc7800c45325ba8e19a277167e40d66eb

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
15b4b440d7e7aec51267df05d4a184aa

SHA1
b2079b7a600835cbcd378949103ee75fd08703d3

SHA256
5e4da6220f755a6de3b4e53a38f015be5703222a98efe9a981423d6e0fde1967

SHA512
20334c778143a312f21571bda1dee557dd04671aae0067d9818927e6d8b089ffd84602c168dd67163e01d7991c05aebfb18db03a4814c566c8dae5b285792ee3

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
ec84a12896a72a928de196bbfae27600

SHA1
8cafe76bb2d5cf97bfeb589ef72bfd33dabaa0d6

SHA256
8f8452b0128e438d121918b8248506d9a5b0bb5f500bbda32078dca25b32247a

SHA512
6a2ff4a7e93d9324edfcfa0dca14ce4f963f5caefb4fe74f4d40a72c474dabb834e99ec5835f15d5c26fd66fc48d24fc642d2e7076afb69416b73f9cb27eccd3

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
bd862181d8a7ffcb738c4e28187e1c6e

SHA1
e3159d8a0f3a6d23eef256383cb800122920c99e

SHA256
0df60c4261b28a75ecfc9ab7283438b6ba187c9b93aee25151de1e76b314fd76

SHA512
8cdba11bce837077f7194fb40f66d26c0c05265c586fe447f68da5d69c2c4a6d929d246e2c6816f7f285e4d5bc4e08b986729629a303c3ed1f9c0eb05415da6f

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
44882a6a8eee51aa38373b31af6da590

SHA1
474cab79b2f272c9eb50bd318defd4c52e071cca

SHA256
e4d87278066807c71604c4e6c3636368669f58643a55b43400bfde4691ca2af3

SHA512
930cd78699def38c672e0572ef1fc1a416b2b61f275005aacf5d356162bf4f566cf1875b1317bcba91a104cce2db121db5eb12bd24ad97f507dc1ec459e3248c

Download Submit
/data/data/X.God.X/files/PersistedInstallation1778864259830928162tmp

Filesize
569B

MD5
817520528f3e510155054af10c5cc295

SHA1
a3d522936f306d18e24b9d078b1a3f943b137e3a

SHA256
4af36ae704101d354b9bd286d72fefede6df21f611c8492bed2bec0040fe0769

SHA512
72f73846f720cadc642d032da6fe8f96dbc0e87c9b0cc093aa79a64c2ecbe38b7da4773999a94276a813ec9da23dc07422fecc35ab39ac4e27d65a920be88852

Download Submit
/data/data/X.God.X/files/PersistedInstallation46945502821968761tmp

Filesize
90B

MD5
87b8ce250e8ec82f9797dce5ab26c715

SHA1
0d957a2c7bbabe5a5b56be588d25bd6bd7db8b05

SHA256
1950ddf2c28d0bf5c3ccd3ffc21e45dc6cbdc23d4d592e36da89caa880c2539a

SHA512
1b7bb4c31a960d2b1b951a55dbfb9291191b3d7735b20b793d56ea60cf80a22c1d32ddbf97e9863e8f3fbb8c1ef97cbeaf401f556235e52602464c5e71e7b7f6

Download Submit